Security Alerts and Updates

  Susan Bradley’s Master Patch List  (Windows)
  Latest Security Updates for Apple Software

February, 2019  (Click listings for more information) .
20  Microsoft Edge secret whitelist allows Facebook to autorun Flash.
20  Attack kit combines Trojans and tools to spread miners, steal data.
19  Cards used at 137 restaurants exposed by point-of-sale breach.
19  Microsoft releases updates for Win10 versions 1803, 1709, & 1703.
19  GandCrab decrypter available for v5.1, new 5.2 variant already out.
18  Three known issues added to last week’s updates for Windows.
18  Rietspoof Malware drops multiple malicious payloads.
17  Third round of hacked databases up for sale on the Dark Web.
16  The Week in Ransomware – Attack on MSPs, and more.
16  Google changes stance on upcoming Chrome Manifest V3 changes.
15  18,000 Android apps track users by violating ID policies.
15  Cryptojacking Coinhive miners land on the Microsoft Store.
14  127 million stolen accounts up for sale on the dark web.
14  Security vulnerabilities fixed in Thunderbird 60.5.1.
14  Emotet uses camouflaged macros to avoid antivirus detection.
14  Mozilla adds persistent private browsing to Firefox for iOS.
13  Malware disables macOS Gatekeeper to run payloads.
13  OpenOffice zero-day flaw gets free micropatch.
13  Misc., minor problems with the Patch Tuesday patches.
13  Scarlet Widow gang entraps victims using romance scams.
12  Microsoft releases the February 2019 updates for Office.
12  Patch Tuesday patches start rolling out.
12  Adobe releases security fixes for Flash Player, & more.
12  Security vulnerabilities fixed in Firefox 65.0.1.
11  Patch lady – Make sure your 1099s are private.
11  Privacy flaw in macOS gives access to browsing history.
11  Microsoft states Windows Update DNS issues are finally fixed.
11  Adobe Reader zero-day micropatch available for malicious PDFs.
10  Facebook, Twitter trackers whitelisted by Brave Browser.
08  The Week in Ransomware – Shady Data Recovery Companies.
08  Microsoft: Watch out for zero days; deferred patches, not so much.
08  Apple patched two actively exploited zero-days in iOS 12.1.4.
07  New phishing attack uses Google Translate as camouflage.
07  Wells Fargo hit by nationwide outage, ATMs & online banking down.
07  Fix released for Group FaceTime Snooping Bug in iOS & macOS.
06  Google eliminates more spam from Gmail with TensorFlow.
06  Scammers are exploiting Gmail ‘dot accounts’ for online fraud.
06  macOS vulnerability allows access to passwords in the Keychain.
05  Microsoft issues the February 2019 Non-Security Office updates.
05  Microsoft: Windows Update problems were caused by DNS issues.
05  OpenOffice vulnerable to remote code execution, LibreOffice patched.
05  Google launches Chrome Password Checkup extension.
05  Firefox 65 rollout resumes after AVs disable HTTPS scanning.
04  Windows 10 Update continues having issues after DNS fixes.
04  Google begins rolling out Android security patch to Pixel devices.
04  Microsoft Authenticator App now delivers security notifications.
04  Windows 3.0 File Manager reborn in all its nostalgic glory.
03  Houzz Break-In: Data Breach Announced.
02  Sextortion scam states hacked Xvideos recorded you via webcam.
01  The Week in Ransomware – LockerGoga, MalSpam, & more.
01  Mozilla halts Firefox 65 rollout due to certificate errors.
01  Apple apologizes for FaceTime bug, fix coming next week.
01  NSA Releases Guidance on Side-Channel Vulnerabilities.
01  The January Windows and Office patches are good to go.

January, 2019  (Click listings for more information) .
31  Apple blocks Google’s developer certificate, internal apps.
31  The Windows Update servers are having hiccups.
30  Dozens of Android apps collect selfies, push porn ads.
30  It’s not just Facebook: Google also pays people to spy on them.
30  Mozilla finally nixing extensions in Firefox Private windows.
30  In general, the January patches look relatively benign.
29  Google Chrome 72 removes HPKP, deprecates TLS 1.0 & TLS 1.1.
29  Apple disabled Group FaceTime while working on bug fix.
29  New Privacy & Compliance Features added to Microsoft 365.
29  Firefox 65 released with updated Content Blocking, and more.
29  Microsoft 365 is experiencing issues again.
28  Spam Campaign redirects you to NSFW Phishing Scams.
28  FaceTime bug lets callers snoop on you without permission.
28  Azorult Trojan steals passwords while hiding as Google Update.
27  DailyMotion discloses credential stuffing attack.
25  Microsoft 365 suffers 2 day outage, Outlook & Exchange down.
25  The Week in Ransomware – STOP Won’t Stop!
25  Surface Go LTE Advanced & Laptop 2 get firmware updates.
24  Malvertisers target Mac users with steganographic code.
24  Google Chrome adding malicious drive-by-downloads protection.
24  New malware uses fileless infection to avoid detection.
24  Some Office 365 users are unable to access their mailboxes.
24  Microsoft explains the confusion over .NET 1809 update.
23  Patch Lady – bring it on.
23  Voicemail phishing campaign tricks you into verifying password.
23  January patch podcast & Windows 7 master patch spreadsheet.
23  How the U.S. Govt. Shutdown Harms Security.
22  Apple releases iOS, macOS, watchOS, and tvOS updates.
22  Microsoft releases cumulative update for Win10 Version 1809.
22  Online casino database leaks details of over 100 million bets.
21  Malwarebytes fixes Windows 7 freeze problem in new update.
21  New malware uses Google Drive as its command-and-control server.
21  Susan gives the go-ahead for installing this month’s patches.
21  Windows 10 updates for versions 1607 to 1803 released.
18  Google cracks down on access to your Android phone and SMS data.
18  Twitter bug left Android users’ tweets exposed for 4 years.
18  Android malware apps use motion sensor to evade detection.
18  There’s a new Edge local IP networking bug in Win10.
17  773M Password ‘Megabreach’ is Years Old.
17  VoIP provider leaves huge database exposed online.
17  Fix for Windows 10 failing to install KB4023057 update.
17  Win10 1803 starts to roll out to Win10 users with “Semi-Annual Channel”.
17  Microsoft starts its ‘phased rollout’ of Win10 1809.
16  Flight Booking System Flaw Affected Customers of 141 Airlines.
16  Hackers infect e-commerce sites by compromising their advertising partner.
15  New cumulative updates for Win10 1703, 1709 & 1803.
15  BEC Scammers Go After Employee Paychecks.
15  Google is removing apps from the Play Store that ask for Call Log and SMS permissions.
14  A week in security (January 7 – 13) Malwarebytes.
14  Windows 7 extended support ends one year from today.
13  Twitter gives away more location data than you think.
12  The Week in Ransomware — Access-as-a-Service.
12  Win7 patch issued to fix the bug in this month’s patch.
11  Microsft to claim 7GB on Windows 10 devices for updating.
11  Patch Lady – That SMB issue isn’t SMB.
09  Google adds DNS-over-TLS support to its Public DNS service.
09  Using Google Knowledge Graph to spoof search results.
09  Two January patches for Win7 break networking.
08  Latest Malwarebytes update causing Windows 7 to freeze.
08  85 adware apps in Google Play installed 9 million times.
08  Patch Tuesday patches are here.
08  New Side-Channel Attack Steals Data from Page Cache.
07  OXO discloses attack that targeted customer data on
07  Google emails users about data exposed by Google+ API bug.
07  Apple iOS games talking to Golduck malware C&C servers.
05  27% of passwords from Town of Salem breach cracked.
05  New ReiKey app for macOS can detect Mac keyloggers.
05  Microsoft yanks buggy Office 2010 non-security patches.
04  The Week in Ransomware – IPMI, FilesLocker, and More.
04  Unencrypted passport numbers accessed in Starwood breach.
04  Face Unlock Feature Is Useless in 4 out of 10 Phones.
04  Phishing tactic uses custom web fonts to prevent detection.
03  Android malware combines info-stealing & phishing features.
03  Apple releases iOS 12.1.2  for iPhones and iPads.
03  Android Messages Can Now Detect and Block Spam.
03  Adobe Acrobat and Reader security updates released.
03  January 2019 non-security Office updates have been posted.
03  Apple Phone Phishing Scams Getting Better.
02  Windows 10 October 2018 Update bug breaks FLAC support.
02  Abine Blur Password Manager user data exposed online.
02  Upgrading to Win10 1809 may break the built-in “Administrator”.
02  Decrypt the FilesLocker Ransomware with FilesLockerDecrypter.

December, 2018  (Click listings for more information) .
31  Vendors start to shut the doors on Windows 7.
31  7-Zip 18.06 file archiver released.
30  Windows Zero-Day Bug Allows Overwriting Files.
30  Cellphone security flaws threaten our privacy & bank accounts.
30  Flaws allow access to Guardzilla smart camera video recordings.
29  Beware of American Express emails with attached phishing form.
28  Patch Lady – it’s O-souji time for your computer.
27  Exploit code published for remote code execution via Microsoft Edge.
26  More evidence that the forced push to 1809 is upon us.
24  MS-DEFCON 4: Time to get December patches installed.
24  New Office installations will be 64-bit, not 32-bit.
22  Patch Lady – issues with out of band on 1607.
22  Tech support scam causes Chrome Browser to use 100% of the CPU.
22  Microsoft is pushing Win10 1809 on non-seeker machines.
21  The Week in Ransomware – No More Ransomware.
21  Decrypt the Stupid Ransomware Family with StupidDecrypter.
21  Mystery patches for IE and Outlook 2013 leave many questions.
21  Intel updates its Windows Modern Drivers for Windows 10.
20  Another hurried fix for an Outlook 2013 bug.
20  Fake Amazon Order Confirmations Push Banking Trojans.
20  Unauthorized access to private Alexa recordings due to an error.
20  Reported crash with the new out-of-band IE fix on Win7.
19  Microsoft Releases Out-of-Band Security Update for IE.
18  Apple ID phishing attack pretends to be App Store receipts.
18  Extortion email threatens to send a hitman unless you pay 4K.
18  Windows 10 version 1809 “now available for advanced users”.
17  How to decrypt the InsaneCrypt or Everbe 1 ransomware.
17  Microsoft highlights this month’s updates to Microsoft 365.
17  AV Real-World Protection Test July-November 2018.
16  Microsoft Weekly: Patches, hardware, and subscriptions.
16  How to decrypt HiddenTear Ransomware with HT Brute Forcer.
16  Phishing attack pretends to be a Office 365 non-delivery email.
14  No, You Don’t Need Antivirus on a Chromebook(?).
14  The Week in Ransomware – December 14th – Slow Week.
14  Facebook photo API bug exposed pics of millions of users.
14  WordPress Security Patch Addresses Privacy Leak Bug.
13  Bomb threat email scam campaign demands $20K in Bitcoin.
13  How to disable Windows 10 driver updates.
13  LamePyre macOS malware sends screenshots to attacker.
12  Google Releases Security Updates for Chrome.
12  Patch Tuesday breaks records — some good, most bad.
12  Android malware tricks user to log into PayPal to steal funds.
12  Phones are selling location data from “trusted” apps.
11  December 2018 Patch Tuesday is under way.
11  Mozilla Firefox 64.0 Released – Here’s What’s New.
11  Adobe Releases Security Updates for Acrobat and Reader.
10  Google+ API bug puts at risk privacy of over 52 million users.
10  Microsoft’s new Edge browser to support Chrome extensions.
10  How to hide KB 4023057 – and any other Win10 updates.
09  Patch Lady – Office 365 prioritization.
08  Sextortion emails leading to ransomware & info-stealing Trojans.
08  WebKit vulnerability affects latest versions of Apple Safari.
07  The Week in Ransomware – WeChat Ransomware, Scammers.
07  DNA testing kits & the security risks in digitized DNA.
07  Microsoft pushes yet another version of KB 4023057.
07  Now is a good time to install the Nov. Windows & Office patches.
06  Microsoft yanks buggy cumulative update for Win10 version 1803.
06  Microsoft is rebuilding Edge Browser using Chromium.
06  Adobe Releases Security Updates.
05  Michael Horowitz: Killing Windows Update on Win10.
05  Microsoft finally releases a new build of Win10 version 1809.
05  Apple Fixes Passcode Bypass, RCE Vulnerabilities, & More.
05  Google Maps Users are Receiving Notification Spam.
04  December non-Security Office Updates have been released.
04  Microsoft posts downloadable disc images of Windows 7 & 8.1.
04  Chrome 71 released with abusive ad filtering & audio blocking.
04  Last month’s update for Win10 1803 is bricking Surface Book 2.
03  Quora Hacked – 100 Million User’s Data Exposed.
03  Google begins rolling out December Android security patch.
03  Another problem blocks upgrade to Win10 version 1809.
03  Scam iOS fitness apps steal money through Apple Touch ID.
03  Jared, Kay Jewelers Parent Fixes Data Leak.
02  Patch Lady – There is something I don’t get.
01  What the Marriott Breach Says About Security.